<?php
/**
 * <https://y.st./>
 * Copyright © 2019 Alex Yst <mailto:copyright@y.st>
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org./licenses/>.
**/

$xhtml = array(
	'<{title}>' => 'Permissions',
	'<{subtitle}>' => 'Written in <span title="Operating Systems 2">CS 3307</span> by <a href="https://y.st./">Alexand(er|ra) Yst</a>, finalised and <a href="https://y.st./en/coursework/CS3307/Permissions.xhtml">archived</a> on 2019-05-29',
	'<{copyright year}>' => '2019',
	'takedown' => '2017-11-01',
	'<{body}>' => <<<END
<div class="APA_title_page">
	<p>
		Permissions<br/>
		Alexand(er|ra) Yst<br/>
		<span title="Operating Systems 2">CS 3307</span>
	</p>
</div>
<h2>Screenshots</h2>
<p>
	I would normally include a screenshot for each question, but there seven questions in this assignment and the university doesn&apos;t allow us to upload that many screenshots.
	The first command has a lot of output, but the rest of the commands all have short enough output to put on a single screenshot, so that&apos;s what I did to remain under the limit.
	For <kbd>ls -la</kbd>, see the first screenshot, and for all other commands, see the second.
</p>
<img src="/img/CC_BY-SA_4.0/y.st./coursework/CS3307/ls_-la.png" alt="ls -la" class="framed-centred-image" width="661" height="771"/>
<img src="/img/CC_BY-SA_4.0/y.st./coursework/CS3307/chmod.png" alt="chmod" class="framed-centred-image" width="661" height="456"/>
<h2><kbd>ls -la</kbd></h2>
<p>
	First, we take a look at the output of <kbd>ls -la</kbd> from the home directory.
	Most of what I have there are directories with names starting with a full stop.
	While applications <strong>*should*</strong> store their settings and data in a subdirectory of <code>~/.config</code> or <code>~/.local</code>, many instead add directories directly to the home directory, cluttering it up.
	These directories typically start with a full stop, as depending on your settings, your file manager will hide these directories from you so you don&apos;t have to see them.
	I don&apos;t have my file manager set that way though, as I prefer to actually see what&apos;s there.
	Even if I had them hidden in the file manager though, the <kbd>ls -la</kbd> command would show them anyway.
</p>
<p>
	As you can see, I have read, write, and execute permissions on all the directories, aside from <code>..</code>, which is owned by <code>root</code>.
	On that directory, I only have read and execute permissions.
	On most of my directories, anyone that isn&apos;t me has permission to read and execute, but not write.
	Some directories are not able to be accessed at all by people other than myself.
	On my files, I have read and write permissions, while everyone else can only read.
</p>
<h2><code>A.txt</code></h2>
<p>
	Next, we&apos;re asked to create an empty file called <code>A.txt</code>.
	Normally, I&apos;d created that from the file manager, but because we&apos;re working on the command line right now, I instead used the <code>touch</code> command.
	When used on files that don&apos;t exist, those files are created as empty files.
	That&apos;s exactly what we need right now.
</p>
<p>
	When we check the file permissions for our new file using <kbd>ls -l A.txt</kbd>, we see that I am both the owner and the group, and that I&apos;m allowed to read from and write to the file.
	Everyone else is only allowed to read from the file.
	They wouldn&apos;t see anything interesting if they did though, as the file is completely empty!
	We can see by the zero before the date that the file is zero bytes long.
</p>
<p>
	Next, we add execution permission for the owner of the file by running <kbd>chmod u+x A.txt</kbd>.
	We check that the permission change was successful by running <kbd>ls -l A.txt</kbd> again, and see that I am indeed allowed to execute the file now.
	Running it wouldn&apos;t do anything though, as it&apos;d be treated as an empty script at this point, assuming the system even knew how to execute it at all without an opening line telling it which scripting language to use or a file extension hinting at what type of script it might be.
</p>
<p>
	After that, we use <kbd>chmod g-r A.txt</kbd> to remove the group permission to read, then verify that it worked using <kbd>ls -l A.txt</kbd> again.
	For the purposes of this assignment, it&apos;s useful to do this to show we know how.
	However, if this file actually was anything important, removing the group read permission wouldn&apos;t do anything.
	As we can see, the file has me as both the owner and the group.
	As such, the group permissions are never used, as the owner permissions take priority.
	I&apos;ll still be able to read this file.
</p>
<p>
	Next, we use <kbd>chmod 666 A.txt</kbd>.
	This should allow our dark lord and master to access the file.
	Ha ha, no, just kidding.
	The first digit represents the owner&apos;s permissions to access the file, the second digit represents the group&apos;s permissions to access the file, and the third digit represents everyone else&apos;s permissions to access the file.
	A value of four represents read permission and a value of two represents write permission (University of the People, n.d.).
	Adding them together results in a six, so a six represents read permission and write permission, but no execution permission.
	We check that the command set the permissions the way we intended by running <kbd>ls -l A.txt</kbd> again, and find that it did exactly what we expected.
</p>
<p>
	Finally, we run <kbd>chmod 764 A.txt</kbd>.
	As mentioned before, a four represents read permission, so everyone besides the owner and group should now have read permission.
	Also as previously discussed, a six represents both read permission and write permission, so the group has both of those permissions.
	Finally, a one represents permission to execute, so if we add one to six, we get seven, representing full permission ro read, write, and execute (University of the People, n.d.).
	The owner should now be allowed to do all three.
	We verify using the <kbd>ls -l A.txt</kbd> command one final time, and see that everything worked as intended.
</p>
<h2>Conclusion</h2>
<p>
	File permissions are one of the powerful features of Linux.
	In particular, they&apos;re one of the reasons Linux viruses (which do exist) can&apos;t do much to your computer.
	First of all, a virus isn&apos;t allowed to execute unless you set its file to have execution permission.
	Until you do that, the virus is just another file, and won&apos;t be treated as a program and run.
	Secondly, even if you did give the virus execution permission, it&apos;d only be able to wreck havoc on your personal files, not the whole operating system.
	This is because when you run a program, it runs as you.
	Any file you&apos;re not allowed to modify, the virus is also not allowed to modify.
	The exception to this is that if the virus takes advantage of a vulnerability in the system, it might be able to elevate its permission and access whatever it likes.
	Vulnerabilities in Linux tend to be patcher very quickly though, so if you keep your operating system up to date, that won&apos;t be a problem.
</p>
<div class="APA_references">
	<h2>References:</h2>
	<p>
		University of the People. (n.d.). <a href="https://my.uopeople.edu/mod/workshop/view.php?id=173024">Programming Assign. Unit 7 (Submission phase)</a>. Retrieved from <code>https://my.uopeople.edu/mod/workshop/view.php?id=173024</code>
	</p>
</div>
END
);
